CVE-2025-7209

CVE-2025-7209

Name

CVE-2025-7209

Description

A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
patch	https://git.9front.org/plan9front/plan9front/deae8939583d83fd798fca97665e0e94656c3ee8/commit.html
issue-tracking	https://github.com/9fans/plan9port/issues/711
issue-tracking	https://github.com/9fans/plan9port/issues/711#issuecomment-2819905220
exploit	https://github.com/user-attachments/files/19698361/plan9port_crash_2.txt
signature	https://vuldb.com/?ctiid.315157
vdb-entry	https://vuldb.com/?id.315157
third-party-advisory	https://vuldb.com/?submit.607685

Type

URI

patch

https://git.9front.org/plan9front/plan9front/deae8939583d83fd798fca97665e0e94656c3ee8/commit.html

issue-tracking

https://github.com/9fans/plan9port/issues/711

issue-tracking

https://github.com/9fans/plan9port/issues/711#issuecomment-2819905220

exploit

https://github.com/user-attachments/files/19698361/plan9port_crash_2.txt

signature

https://vuldb.com/?ctiid.315157

vdb-entry

https://vuldb.com/?id.315157

third-party-advisory

https://vuldb.com/?submit.607685

CPE URI	Source package	Min version	Max version
	plan9port	== 9da5b44	== 9da5b44
`cpe:2.3:a:9fans:plan9port::::::::`	plan9port	>= None	<= 2025-03-29

CPE URI

Source package

Min version

Max version

plan9port

== 9da5b44

cpe:2.3:a:9fans:plan9port:*:*:*:*:*:*:*:*

plan9port

>= None

<= 2025-03-29

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
plan9port	edge-community	0_git20260208-r0	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	edge-community	0_git20241022-r1	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	edge-community	0_git20241022-r0	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	edge-community	0_git20240110-r0	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	3.23-community	0_git20241022-r2	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
plan9port	3.23-community	0_git20241022-r1	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

plan9port

edge-community

0_git20260208-r0

Sören Tempel <soeren+alpine@soeren-tempel.net>

possibly vulnerable

plan9port

edge-community